From: Dan L. <da...@la...> - 2003-10-31 09:47:30
|
On 30 Oct 2003 at 22:58, Phil Stracchino wrote: > On Thu, Oct 30, 2003 at 09:53:20PM -0500, Dan Langille wrote: > > On Thu, 30 Oct 2003, Phil Stracchino wrote: > > > > > On Thu, Oct 30, 2003 at 08:27:38PM -0500, Dan Langille wrote: > > > > Yes, I forgot that bit. Bacula needs to have tcpwrapper support. The > > > > configure args is --with-tcp-wrappers. > > > > > > Yup, I know -- but the last time I tried to use it, it did nothing > > > except break configure. But, I have a new configure running right now; > > > and, hey hey, it works now. Cool ..... I'll update my configuration > > > script. > > > > > > After rebuilding with tcpwrappers re-enabled, editing hosts.allow, > > > restarting bacula, same test procedure as previously, results are the > > > same; no change. > > > > I suspect there is something in there which is allowing the connection. > > > > Hmmm. May I see your hosts.allow please? And have the IP addreses, hosts > > names of the machines running bacula-fd and the one from which you did the > > telnet? > > Hosts.allow is very simple. At the time of testing, it was set up like > this: > > > ALL : ALL \ > : severity auth.info \ > : twist /bin/echo "You are not welcome to use %d from %h." > > #ALL: local > #ALL: 192.168.0.0/255.255.255.0 > portmap: 192.168.0.0/255.255.255.0 > gdm: 192.168.0.0/255.255.255.0 > > # End of hosts.allow. > > > (Normally, the two commented-out lines above are enabled and the twist > rule is commented out.) Can you try it again, moving the twist to the end of the file? And don't forget to restart the daemon. Before you telnet. That's vital to the test. > babylon5 (192.168.0.10) runs fd, sd and director. > fds also currently run on: > llioness 192.168.0.11 Slackware 9 > minbar 192.168.0.13 Solaris 9 > pond 192.168.0.15 Windows 2000 > whitestar 192.168.0.22 Windows 2000 > mabolgamp 192.168.0.25 Windows 2000 > > I tested via telnet from minbar to babylon5. There is nothing in /etc/hosts.allow which permits connections to the daemon. Therefore, you should be getting the "not welcome" message. Cheers -- Dan Langille : http://www.langille.org/ |